Your information
General Data Protection Regulation (GDPR)
Under the GDPR, we have a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it. More detail about how we collect, process, transfer and store your data can be found in our privacy notices below.
- General Privacy Notice (April 2024) (PDF Form) (opens in new window)
- Nottinghamshire Healthcare privacy notice children and young adults (April 2024) (PDF Form) (opens in new window)
- Supplementary Privacy Notice - COVID-19 (PDF Form) (opens in new window)
- About your information - August 2024
What are my rights in relation to my data?
Under the General Data Protection Regulation and Data Protection Act 2018 you have specific rights in relation to your data; you can make these requests at any time. Your rights are as follows:
Right to be informed
Nottinghamshire Healthcare has a duty to provide you with information in relation to how your personal and special category data (more sensitive personal data) is collected, stored and processed. This is provided within our privacy notice on this page.
Right of Access to Information/Subject Access Requests
The easiest way to request a copy of the information Nottinghamshire Healthcare holds about you is by using the AMS SAR Portal - if you'd like to make a Subject Access Request, either for yourself or on behalf of someone else, please use the following link to submit your request - AMS SAR Portal. Alternatively, you can email AccesstoInformation@nottshc.nhs.uk or you can telephone us to make your request.
The information is generally available to you free of charge once you provide appropriate ID. We have one calendar month to respond to your request. In certain circumstances we may not be able to provide a response in such a time scale; however, we will write to you and inform you of this as soon as possible. Please contact the Information Governance team for further information by emailing
InformationGovernance@nottshc.nhs.uk.
Right to rectification and erasure
You have the right to request the rectification of inaccurate personal data and the right to request the erasure of your personal data. However, the rights to rectification and erasure are not an absolute right and it may be necessary for Nottinghamshire Healthcare to continue to process your personal data for lawful and legitimate reasons. If you wish to make such a request, please email InformationGovernance@nottshc.nhs.uk.
Right to object to, or restrict processing
You have the right in certain circumstances to ask Nottinghamshire Healthcare to stop processing your personal data in relation to any Trust service. You can also request not to receive information from the Trust. However, the right to object to, or restrict processing is not an absolute right and it may be necessary in certain circumstances for Nottinghamshire Healthcare to continue to process your personal data for a number of lawful and legitimate reasons.
If you wish to object to your information being processed, to receiving information from the Trust, or wish to have information rectified or erased, please email your request to InformationGovernance@nottshc.nhs.uk.
Rights in relation to automated decision making and profiling
Nottinghamshire Healthcare does not use your information to make automated decisions about you, nor to undertake profiling.
Right to Data Portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. If you wish to make such a request please email AccesstoInformation@nottshc.nhs.uk.
Who do I contact if I have any concerns about my data?
To safeguard your information and to support your rights, Nottinghamshire Healthcare has appointed a Data Protection Officer (DPO). The role of the DPO is to monitor internal compliance with data protection legislation and inform and advise staff, patients, carers and the public in relation to data protection. The DPO can be contacted by emailing DPOEnquiries@nottshc.nhs.uk.
If you have a concern about any aspect of your care or treatment at this hospital or about the way your records have been managed, you can also contact our Patient Advice and Liaison Service.
Alternatively, you can also contact the Information Commissioner if you have a complaint about our processing of your personal data:
The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 or 01625 545 745
Fax: 01625 524510